# $Id: PKGBUILD 180813 2013-03-26 12:05:23Z bisson $
# Contributor: Thomas Mudrunka <harvie@email.cz>
# Contributor: m4xm4n <max@maxfierke.com>
# Maintainer: Gaetan Bisson <bisson@archlinux.org>

pkgname=dnssec-anchors
pkgver=20130320
pkgrel=1
pkgdesc='DNSSEC trust anchors for the root zone'
url='http://data.iana.org/root-anchors/'
license=('custom:NoCopyright')
arch=('any')
source=('LICENSE'
        'trusted-key.key')
sha256sums=('dd37e92942d5a4024f1c77df49d61ca77fc6284691814903a741785df61f78cb'
            'ca6388cc16223b29b607f07a9aa77e0aa52f653106d440cdc92cc40e145a4bb5')

get_trusted-key() {
	drill -z -s DNSKEY . > root.key

	curl http://data.iana.org/root-anchors/root-anchors.xml |
	awk 'BEGIN{ORS=" "}(NR>4){gsub(/<[^>]*>/,"");print tolower($0)}' |
	sed 's/   /\n/' > root.ds

	# Any of those tests failing is suspicious; check thoroughly!
	[[ "$(<root.ds)" = '19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5' ]] &&
	grep -Pq 'IN\tDS\t'"$(<root.ds)" root.key ||
	return 1

	sed '/DNSKEY/s/ ;{id = '"$(cut -d\  -f1<root.ds)"' .*//;t;d' root.key > trusted-key.key
}

package() {
	cd "${srcdir}"
	install -Dm644 trusted-key.key "${pkgdir}"/etc/trusted-key.key
	install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}
